EddyHawk's Info List
---
FILE (ENCRYPTER/CIPHER), VERIFIER
---
-TinyIDEA
By: Fauzan Mirza (England)
Year: 1995-1999
V3 [1996]
heavy size optimization
V4 [1999]
heavy size optimization
by Mark Andreas
disadv: PGP-crypted, key only available for USA resident
Note: the smallest IDEA cipher implementation
-TinyFish
by: Dutra Lacerda
Note: the smallest BlowFish cipher implementation
-BFA (BlowFish Advanced)
By: Markus Hahn
Compiler: BP V7.0 (?)
V7 [1996?]
uses Blowfish, Blowfish32, TDES & Cobra cipher & mixing of them
GUI
shareware
max 5 char passphrase
note: the doc mentions that this triple DES implementation isn't real
because it removes initial & final permutation (considered as
cryptographically worthless) to speed things up
-UCRYPT (UltraCRYPT)
By: AIP-NL (The Netherlands)
Compiler: Borland C++ [1991] + assembly
V2.37b [1996]
UCrypt is part of UC2 archiver and is designed to crypt uc2 archive only,
but we can trick it to crypt anyfile by putting UC2 ID header ('UC2'+ 1Ah)
in front of the file-to-be-crypted
UCrypt uses 2 encryption algorithms:
-3DES (Triple DES) + MD5
apparently AIP-NL doesn't aware that MD5 is (half) broken in 1996
.uses MD5 output as 2 random DES keys
.crypt with key1, decrypt with key2, crypt with key1 (112 bit)
but this isn't? 3DES:
UCrypt doesn't process each block 3 times, but the whole file 3 times
.since UCrypt passes my no-pattern-file test, it surely uses a
chaining mode (ex: CBC). since DES-crypted block isn't the same
with 3DES-crypted block while serves as IV to next block,
it will generates different? ciphertext than standard 3DES
.crypt keys with password & crypted file
it means that the keys are stored in crypted archive
-equal to trap door :)
while imho, the password should be hashed with MD5 to be 2 DES keys, not
current time/date? hashed through MD5
and does UCrypt use 3DES again to crypt those keys? I don't think so
apparently the password is directly used as the crypt key
.the (de)cryption is very slow (of course, it's DES :)
for 2,636kb (2,700,000 byte) file on my 1st computer:
crypt: 242 second, decrypt: 233 second
or about 80+ second for single DES
while my Mr.Hyde V0.46a can attain 13 second
.UCrypt is claimed to be enhanced against brute-force attack
-maybe it adds salt on password to 'frustate on-line password guesser'
-MD5 based one time pad
.of course, this is not OTP, because the key must be:
-truly random numbers
-as large as plaintext
-used only once
.password -> MD5 hash -> PRNG?
.the (de)cryption is slow
for 2,700,000 byte file on my computer: crypt/decrypt=80/78 second
UCrypt has 'destroy plaintext' option:
-very slow wiping (wipe,fill,scramble,wipe,scramble,delete)
-doesn't erase file entry
-I think SWAG/WipeFile (used in Mr.Hyde) is faster & more secure :)
src is available only to be verified
-PKZIP -S
By: PKWARE (USA)
V1.0
broken by Biham & Kocher's attack < 1 day with few 100b of known plaintext
V2.04g [1993?]
stream cipher
variable length key
V2.50 [1999]
Note: part of PKZIP archiver (can only crypt ZIP archive)
-PGP (Pretty Good Privacy)
By: Philip Zimmerman (USA) et al/Network Associates
year: 1990-2000
Type: pub-key.(ciph/sign/verifi)er, free
V2.3 [1993?]
at that time, USA regulation classified its strong crypt as weapon, so
USA residents was unallowed to export them. PGP uses RSA and becoming
very popular until it spreads overseas. To be safe, 2 PGP version is
made. USA PGP user can continue using usual PGP, while non-USA PGP
user are advised to only use PGP international release (PGPi) to help
the author
V2.6.3 [1996]
V5.0 [1997]
DOS32 ver (last? DOS ver)
uses Diffie-Hellman, IDEA & CAST cipher
V6.53 [2000]
Win32 ver
Bussiness version
-CRY
By: Harry J. Smith
Year: 1987-1992
Compiler: BP V6.0, BC++ [1991]
V6.00 [Nov 1992]
C & Pascal src is provided
spent 1,400 hours of author time
Note: to replace DES
-PEGWIT
By: George Barwood
Compiler: TopSpeed C [1989] (?)
Type: pub-key.(ciph/sign/verifi)er, free
V8.71
Note: uses Elliptic Curve, Square cipher, SHA1 hash
-BLOWFISH-CBC
By: Dutra Lacerda (Portugal)
Compiler: BP V7.0
V1.5a [27 Aug 1996]
src is provided
but prog x uses non-pub 8086 ASM routines -> faster
uses BlowFish cipher
crypt speed ~ 200,000b/sec (incl. I/O time)
no longer updated?
-ARJ -G
by: Robert K. Jung/ARJSoftware
V2.75a [Oct 2000]
crypt uses
simple XOR (-g) -> easy? to break
GOST 28147-89 cipher in 64bit CFB mode
40bit key (-g -hg!) to meet USA export regulation (but not anymore?)
separate module ARJCRYPT.COM, 256bit key (?) (-g -hg)
only for USA user
note:
-g(arble) is simply transform passphrase into same length key and
repeatly xor it with same length archive data
part of ARJ archiver (can only crypt ARJ archive)
-Krypto
by: Bathysphere
V1.1 [1993]
up to 255 char passphrase
note:
crypt uses date/time stamp (same plaintext -> different ciphertext)
if U change crypted file d/ts, decrypt will fail regardless of correct key
author: crypt uses novel chaos theory
-Mr.Hyde
by: EddyHawk
V0.54a [Nov 2000]
EdH:
anyone dares to review or should I? :)
Morgan et al reported few security flaws, but I don't thoroughly test it
-Hermes
by: Morgan (Poland)
type: 386, fpu, 4Mb RAM, dos > v3.3
V1.0b [22 Oct 2000]
can't run under win
note:
pres uses SixPack
crypt uses FFT, PRNGs, PNC, buffer permute, double feedback stream cipher,
polymorphism
-VCH (VouCH)
by: Awais M. Hussain (Pakistan?)
year: 1993-1997
type: 386, verifier
compiler: tc v2.0 [1988]
V1.3 [May 1997]
lite ver